Package: fookebox
Version: 0.6.1-2
Severity: grave
Tags: security
Justification: user security hole

Default config installed as /etc/fookebox/config.ini contains this line:

    beaker.session.secret = somesecret

According to [Pylons documentation] that secret "should be a secret, ideally randomly generated value on production environments."

 - Jonas

[Pylons documentation]: http://docs.pylonsproject.org/projects/pylons-webframework/en/latest/sessions.html
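An added example, not part of the original report or of fookebox: one way an administrator or a package maintainer script could detect the packaged `beaker.session.secret` in a Pylons-style `config.ini` and replace it with a random value. The function names, the 32-character minimum and the sample config are assumptions made for illustration; only the `beaker.session.secret = somesecret` line comes from the report.

```python
import re
import secrets

# Placeholder value shipped in the packaged config, as quoted in the report.
PACKAGED_DEFAULT = "somesecret"
MIN_LENGTH = 32  # assumption: shortest value this check accepts as a secret

# Matches an active (uncommented) beaker.session.secret line; the file is
# handled line by line so PasteDeploy "%(here)s" values elsewhere stay intact.
_KEY_RE = re.compile(r"^(\s*beaker\.session\.secret\s*[=:]\s*)(.*?)\s*$")


def audit_secret(config_text):
    """Return (line_number, problem) tuples for weak or missing secrets."""
    findings = []
    seen = False
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = _KEY_RE.match(line)
        if not match:
            continue
        seen = True
        value = match.group(2)
        if value == PACKAGED_DEFAULT:
            findings.append((number, "packaged default secret"))
        elif len(value) < MIN_LENGTH:
            findings.append((number, "secret shorter than %d characters" % MIN_LENGTH))
    if not seen:
        findings.append((0, "beaker.session.secret is not set"))
    return findings


def rotate_secret(config_text):
    """Return config_text with every flagged secret replaced by a random one."""
    flagged = {number for number, _ in audit_secret(config_text)}
    out = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = _KEY_RE.match(line)
        if match and number in flagged:
            # 32 random bytes from the OS CSPRNG, hex-encoded (64 characters).
            line = match.group(1) + secrets.token_hex(32)
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample; only the beaker.session.secret line is from the report.
SAMPLE = "[app:main]\nbeaker.session.key = fookebox\nbeaker.session.secret = somesecret\n"

if __name__ == "__main__":
    print(audit_secret(SAMPLE))
```

Changing the secret invalidates sessions signed with the old value, so the application needs a restart after the file is rewritten.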